Professional, Legal and Ethical Issues


Professional, Legal and Ethical Issues
CPSC 356 Database
Ellen Walker
Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
Data is Valuable
• Clickstream data (terabytes)
– Data mining for business advantage
• Financial transactions (petabytes)
• Personal information
– Open to identity theft and fraud
Ethical vs. Legal Behavior
• Ethics
– A set of principles of correct conduct or a theory or
a system of moral values
• Law
– A set of rules enacted by and enforced by a
government
• Not all ethical behavior is legal
• Not all unethical behavior is illegal
Sample (US) Laws with Implications
• Sarbanes – Oxley Act
• Health Insurance Portability and
Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act
(FERPA)
Sarbanes Oxley Act (SOX)
• Goal is to tighten requirements on how public
companies form boards of directors, interact
with auditors, and report finances
• Enacted in 2002 in the aftermath of the Enron scandal
• To comply, companies must consider how financial
data is collected, processed, secured, and
reported: Section 404 requires management to
assess the internal controls over financial
reporting, and those controls include the IT and
database controls behind the reports
Complying with SOX
• COBIT (from ISACA) is an IT governance framework and
supporting toolset that lets managers
bridge the gap between control requirements,
technical issues, and business risks.
• COSO (from the Committee of Sponsoring Organizations
of the Treadway Commission) is a framework that focuses
more narrowly on internal controls, with five
components: control environment (culture), risk
assessment, control activities, information and
communication (reporting), and monitoring
Health Insurance Portability and
Accountability Act (HIPAA)
• Disclosure of protected health information (PHI) requires
patient authorization, except for treatment, payment and
health-care operations
– “We can’t tell you anything – we can’t even tell you that we
know anything” – Lynn Taylor
• Standards for electronic health/medical records and
insurance claims (transaction and code set standards)
• Establishing a nationally recognized identifier (NOT
the SSN) to be used by all employee health plans
• Standards for security of patient data and
transactions: the Security Rule requires administrative,
physical and technical safeguards for electronic PHI
• A nationally recognized identifier for healthcare
providers (the National Provider Identifier, NPI)
Family Educational Rights and
Privacy Act (FERPA)
• Protects the privacy of student education
records
• Rights belong to the parents until the student
turns 18 or enrolls in a postsecondary institution,
whichever comes first; then the rights transfer
to the student
• Schools must have written permission from the
student (or parent, if the rights have not yet
transferred) to release information from the
education record, apart from the exceptions below
FERPA Exceptions
• Directory information (the school must announce what it
treats as directory information and let students opt out)
– Name, address, date & place of birth, honors
• Designated parties
– School officials with a legitimate need to know
– Other schools to which the student transfers
– Specified officials for audit or evaluation
– Whoever needs to know for financial aid
• Compliance with a judicial order or state law
• Health and safety emergencies
Codes of Ethics
• ACM Code (see www.acm.org)
• BCS code (www.bcs.org)
• Areas covered
– Public interest
– Duty to relevant authority
– Duty to the profession
– Professional competence and integrity
Intellectual Property
• IP = The product of human creativity in the
industrial, scientific, literary and artistic fields
• Examples:
– Invention
– Program
– Play
– Painting
– Musical composition
Protecting IP
• Patent
– Very strong protection for a limited time (20 years
from filing for a US utility patent), requires public
disclosure of the invention
• Copyright
– Protects the expression of an idea, not the idea itself
• Romeo & Juliet vs. “boy loves girl with tragic ending”
– Much longer term than a patent (in the US, the life of
the author plus 70 years, or 95 years from publication
for works made for hire)
• Trademark
– Protects a word, symbol, image, sound, etc. with
regard to a specific company (type of goods)
Trade Secret
• A trade secret is protected not by registration or
disclosure (nothing is filed), but by keeping it secret;
the law only prohibits misappropriation, such as theft
or breach of a confidentiality agreement
• If you can figure it out (by reverse engineering a
product you legitimately obtained), you can legally use
it in your own product
– Not by “reading the source code” you were given in confidence
– Not by theft
– Clean room reverse engineering technique: one team
documents the observed behavior, and a separate team
that has never seen the original reimplements it from
that specification
Software
• Generally protected by copyright, but there
are software patents
– The patent must be for the idea (the method or
process), not the program text
– Example: pull-down menu
• Copyright protects the expression (the code), not the
idea
– Hence “look and feel” lawsuits, which test where
protected expression ends and unprotected idea begins
Software License
• Commercial software (perpetual use)
• Commercial software (annual fee)
• Shareware
• Freeware
• Note: freeware is free of charge but only some of it is
open-source; open-source software still carries a license,
e.g. the GPL, whose conditions (such as releasing the
source of derivative works) bind anyone who redistributes it